Aero Posted September 8, 2010

Hi, I am totally non-technical but have done my best to follow the PC cleanup. Other people have access to my PC, 2 irresponsible teenagers and someone a lot more technical than me. Lately my PC has been taking forever to start-up and it sometimes hangs at startup (I just reboot until it works). Slightly weird things have been happening, like dialling tones (I do not think I have a modem, am not even sure if it is relevant). Is there anything obviously wrong with this? TY in advance for looking at it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:27, on 9/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dlbucoms.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\O2\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aero\Desktop\Download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ukf01.airspan.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 8310 bytes
Administrator Tarun Posted September 8, 2010

Did any of the anti-spyware programs find anything? At a glance I don't see anything malicious. You'll definitely want to uninstall any/all toolbars.
Aero (Author) Posted September 9, 2010

TY for looking at it.

> Did any of the anti-spyware programs find anything? At a glance I don't see anything malicious.

Oh umm, yes they did but I didn't think to make notes. I just clicked 'fix the problem'. It was not many, there were 10 very similar things listed as a possible trojan and in another program 2 things that I looked up on the net that seemed to be regarded as false positives, but I got rid of them anyway.

> You'll definitely want to uninstall any/all toolbars.

I went to add/remove programs and uninstalled the google toolbar....I think I have done this before and it comes back. I did not find anything called windows live toolbar, so I randomly removed windows live stuff and it seems to have gone.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:37:52, on 9/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlbucoms.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\O2\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Aero\Desktop\Download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ukf01.airspan.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 7629 bytes
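Comparing the two HijackThis logs posted so far shows what the toolbar uninstall actually removed and what it left behind. The script below is an added example, not part of the original posts or of HijackThis; the function names are hypothetical, and the sample input is a short excerpt copied from the two logs in this thread.

```python
import re

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the entry detail.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt from the first scan in this thread (8 of its entries).
BEFORE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"""

# The same entries as they appear in the rescan after the uninstall.
AFTER = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries removed and entries added between two scans, sorted for stable output."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def target_dir(detail):
    """Lower-cased directory of the file an entry loads, or None for '(no file)'."""
    path = detail.rsplit(" - ", 1)[-1]
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else None


def leftovers(after, removed):
    """Entries still present that load something from a removed entry's directory."""
    dirs = {d for d in (target_dir(detail) for _, detail in removed) if d}
    return sorted(e for e in parse_entries(after)
                  if any(d + "\\" in e[1].lower() for d in dirs))


def orphans(log_text):
    """Registrations whose target file no longer exists on disk."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith("(no file)"))


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, rows in (("removed", removed), ("added", added),
                        ("leftover", leftovers(AFTER, removed)),
                        ("orphan", orphans(AFTER))):
        for section, detail in rows:
            print(f"{label:9} {section:4} {detail}")
```

On this excerpt the BHO and toolbar registrations are gone, while the Sidewiki context-menu entry still points into the Google Toolbar directory and the "(no file)" BHO registration is unchanged.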
greenknight Posted September 9, 2010

The hanging at startup could be due to the auto-update bug we've been discussing on another thread. You're vulnerable to this if your computer is running Win XP, has 1 GB RAM or less, and you've opted in to Microsoft Update (Windows Update is the default update site for XP; if there's also a Microsoft Update link in your Start Menu, you have opted in to it).

To confirm this is the problem, open the Task Manager while the computer is hanging (press Ctrl+Alt+Delete). See which processes have high CPU and Mem Usage; if wuauclt.exe and one svchost.exe are using all your resources, it's the update bug.

For more information, see this thread. Discussion of this starts in post #10; a workaround is in post #13.
Administrator Tarun Posted September 9, 2010

Since the scanners found things you may want to run a full scan with MBAM and then SAS.
Aero (Author) Posted September 10, 2010

TY for the answers.

> The hanging at startup could be due to the auto-update bug we've been discussing on another thread. You're vulnerable to this if your computer is running Win XP, has 1 GB RAM or less, and you've opted in to Microsoft Update (Windows Update is the default update site for XP; if there's also a Microsoft Update link in your Start Menu, you have opted in to it).
>
> To confirm this is the problem, open the Task Manager while the computer is hanging (press Ctrl+Alt+Delete). See which processes have high CPU and Mem Usage; if wuauclt.exe and one svchost.exe are using all your resources, it's the update bug.
>
> For more information, see this thread. Discussion of this starts in post #10; a workaround is in post #13.

I am running XP, I have no idea how much RAM. I couldn't open task manager or do anything when the PC hung this morning. So I went ahead and did the workaround anyway (after 3 reboots).

I have a few questions that may seem silly, but I don't know.... As I have 4 users on the PC I don't have to do it for each user account do I? Why did you say you do not use windows live, how does that affect this? I use hotmail for some emails, I think that is related to windows live?

Tarun, ty, I will get to that after seeing what the above does to the PC.
greenknight Posted September 10, 2010

I guess that's another way to test - try the workaround and see if the problem goes away. Let's hope it does. You should still run those scans Tarun recommended, though.

To check how much RAM you have, go to Start > My Computer, click "View system information" in the sidebar; in the General tab (which it should open to), under Computer:, it has info on your CPU and RAM.

You don't need to do the workaround for the other user accounts.

Using Windows Live doesn't affect this problem at all, I was just saying that I'm not concerned about keeping Windows Live components up to date. Once you disable Microsoft Update, you no longer get automatic updates to Windows Live components - or Microsoft Office, or Silverlight (if installed). MS Office is the only one of those I care about. Hopefully, Microsoft will fix this problem soon and we can all re-enable Microsoft Update permanently.
greenknight Posted September 12, 2010

The Microsoft Update problem has been fixed; you should re-enable it now. Since uninstalling the software removes your MS Update link, here's one: Microsoft Update

You can expect it to cause a hang the first time it runs due to the old detection logic being cached on your computer, but after that there'll be no more problem. Check out James_A's post on the subject.
Aero (Author) Posted September 14, 2010

TY again for the help. I am still having problems at start-up and just after, my pc freezes and nothing can be done. After about 3 reboots it works ok. I now know I have 2.50 GB RAM ?

I followed the instructions to re-enable Microsoft update.

Assuming SAS is SUPERAntiSpyware and MBAM is Malwarebytes…. I ran SAS again and it found 19 tracking cookies and 2 trojans – the same as before, I think.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2010 at 10:02 AM

Application Version : 4.42.1000

Core Rules Database Version : 5463
Trace Rules Database Version: 3275

Scan type : Complete Scan
Total Scan Time : 01:35:09

Memory items scanned : 527
Memory threats detected : 0
Registry items scanned : 7850
Registry threats detected : 0
File items scanned : 49443
File threats detected : 21

Adware.Tracking Cookie
gw.callingbanners.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]
ia.media-imdb.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]
stat.easydate.biz [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]
C:\Documents and Settings\Sam\Cookies\Sam@adserver.adtechus[1].txt
C:\Documents and Settings\Sam\Cookies\Sam@adserver.mmoguru[1].txt
C:\Documents and Settings\Sam\Cookies\Sam@advertising[2].txt
atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
cdn.insights.gravity.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
cdn5.specificclick.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
m.uk.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
m1.emea.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
media.disneyinternational.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
media1.clubpenguin.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
s0.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
spe.atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
static.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
track.omguk.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]
C:\Documents and Settings\Julia\Cookies\Julia@marketlive.122.2o7[1].txt

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165513.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165514.EXE

Then I ran Malwarebytes, it ran for 2 hours and found nothing but when I tried to look at the log I got an error (error at line 1. Line txt Malwarebytes’ Antimalware 1.44. Err this line does not contain a recognised action)
Administrator Tarun Posted September 14, 2010

You just have a trojan in your System Restore according to the SAS log. Create a new SR point and then clean out all but the most recent via cleanup in Tools tab for your hard drive.

Also, your MBAM is out of date according to that log. 1.46 is the latest.
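The reading of the SAS log above depends on where each detection sits: a file under System Volume Information\_restore{...}\RPnnn is a copy held in a restore point, not a file in the live system. The script below is an added example, not part of the original posts or of SUPERAntiSpyware; it sorts detections by location using a sample excerpted from the log in this thread, and the threat-name pattern and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed shape of a threat heading: "Family.Name", e.g. "Adware.Tracking Cookie".
THREAT_RE = re.compile(r"^[A-Z][A-Za-z]+\.[A-Z][\w./ -]*$")
BRACKET_RE = re.compile(r"^(\S+) \[ (.+?) \]$")          # "domain [ path ]"
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")                    # bare path line
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
PROFILE_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.I)

# Excerpt from the SUPERAntiSpyware log posted in this thread.
SAMPLE = r"""
File threats detected : 21

Adware.Tracking Cookie
gw.callingbanners.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]
C:\Documents and Settings\Sam\Cookies\Sam@adserver.adtechus[1].txt
atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165513.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165514.EXE
"""


def classify(path):
    """Return (kind, detail): restore point id, or the owning user profile."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", m.group(1).upper()
    owner = PROFILE_RE.search(path)
    who = owner.group(1) if owner else None
    lowered = path.lower()
    if "\\cookies\\" in lowered or "#sharedobjects" in lowered:
        return "cookie", who
    return "live_file", who


def parse_detections(log_text):
    """Yield one record per detected item, tagged with its threat heading."""
    threat, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BRACKET_RE.match(line)
        if m:
            path = m.group(2)
        elif DRIVE_RE.match(line):
            path = line
        else:
            if THREAT_RE.match(line):
                threat = line
            continue                      # header, blank or heading line
        if threat is not None:
            kind, detail = classify(path)
            found.append({"threat": threat, "kind": kind,
                          "detail": detail, "path": path})
    return found


def summarize(found):
    """Counts per (threat, kind), restore points involved, and live-file hits."""
    counts = Counter((f["threat"], f["kind"]) for f in found)
    points = sorted({f["detail"] for f in found if f["kind"] == "restore_point"})
    live = [f for f in found if f["kind"] == "live_file"]
    return counts, points, live


if __name__ == "__main__":
    counts, points, live = summarize(parse_detections(SAMPLE))
    for (threat, kind), n in sorted(counts.items()):
        print(f"{n:3}  {kind:13}  {threat}")
    print("restore points holding detections:", ", ".join(points) or "none")
    print("detections in live files:", len(live))
```

An empty live-file list with detections confined to one restore point matches the situation in this thread, where the remaining step is purging old restore points.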
James_A Posted September 15, 2010

> I am still having problems at start-up and just after, my pc freezes and nothing can be done. After about 3 reboots it works ok. I now know I have 2.50 GB RAM ?

Hmmmm. That doesn't sound healthy. Maybe we will have to look for another cause.

Do you have a current backup of all important documents, photos etc. on your PC?
Aero (Author) Posted September 15, 2010

> You just have a trojan in your System Restore according to the SAS log. Create a new SR point

I don't know how to create a new SR but I will work on it - may take me some time...

> and then clean out all but the most recent via cleanup in Tools tab for your hard drive.

I hate to sound all girly but could you be a little more specific, I have no idea what this means.

edit - I found this, I hope it was right... http://www.lockergnome.com/windows/2005/04/12/delete-system-restore-points-to-free-disk-space/

> Also, your MBAM is out of date according to that log. 1.46 is the latest.

Yes, when I click update I get an error message, I thought I would try to deal with that later.

> Hmmmm. That doesn't sound healthy. Maybe we will have to look for another cause. Do you have a current backup of all important documents, photos etc. on your PC?

Umm no, but I have asked someone to show me how to get all photos on to disk. I have lost everything before, and this is very worrying.
Administrator Tarun Posted September 15, 2010

That URL was indeed correct.

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx <-- See Create Restore Points Manually.

After you've made a System Restore point, run cleanmgr.exe from the link you listed and it will remove all except the latest restore point.

For MBAM 1.46, use AMT to get it.

I'm thinking there might be a hardware issue. Does this happen if you boot into Safe Mode?
Aero (Author) Posted September 15, 2010

> For MBAM 1.46, use AMT to get it.

OK I worked out what AMT is and have done that - will leave it running over night.

edit: it ran, and did not find anything but I cannot see the log, I have the same error as before (error at line 1. Line txt: Malwarebytes’ Antimalware 1.46 Error: this line does not contain a recognised action)

> I'm thinking there might be a hardware issue. Does this happen if you boot into Safe Mode?

No idea. As it happens I do know how to get into safe mode - but I have no idea what to do when I am there...
James_A Posted September 16, 2010

> > For MBAM 1.46, use AMT to get it.
>
> OK I worked out what AMT is ...

For those who haven't, or who have forgotten, try this link: Anti-Malware Toolkit.

The only time I've seen "Error: this line does not contain a recognised action" it was in AutoHotkey, not in MBAM.
Administrator Tarun Posted September 16, 2010

> no idea as it happens I do know how to get into safe mode - but I have no idea what to do when I am there...

Did you experience any of the mentioned symptoms booting into Safe Mode?
Aero (Author) Posted September 17, 2010

> Did you experience any of the mentioned symptoms booting into Safe Mode?

No, and it has not happened for the past 2 days now. Have we solved it? Any idea how?

James, it is definitely a MBAM error when I try to see a log file, I would show you but I don't know how :(
Administrator Tarun Posted September 18, 2010

It's possible the removal of malware may have resolved the issue, or some maintenance you did may have fixed it.
Aero (Author) Posted September 21, 2010

Well, thanks for all the help. Everything seems to be going smoothly now :dribble:
Administrator Tarun Posted September 21, 2010

Good to hear, Aero! I'm going to mark this as resolved.
Administrator Tarun Posted September 21, 2010

The issue this thread has been opened for has been resolved. If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter.

Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup

It is recommended that you review our PC Security wiki page to help secure your computer and protect it.